These release notes provide information about the One Identity Safeguard for Privileged Passwords 2.4 release.
The One Identity Safeguard for Privileged Passwords Appliance is built specifically for use only with the Safeguard for Privileged Passwords privileged management software, which is pre-installed and ready for immediate use. The appliance is hardened to ensure the system is secured at the hardware, operating system and software levels. The hardened appliance approach protects the privileged management software from attacks while simplifying deployment and ongoing management -- and shortening the timeframe to value.
The privileged management software provided with One Identity Safeguard for Privileged Passwords consists of the following modules:
One Identity Safeguard for Privileged Sessions is part of One Identity's Privileged Access Management portfolio. Addressing large enterprise needs, Safeguard for Privileged Sessions is a privileged session management solution, which provides industry-leading access control, as well as session monitoring and recording to prevent privileged account misuse, facilitate compliance, and accelerate forensics investigations.
Safeguard for Privileged Sessions is a quickly deployable enterprise appliance, completely independent from clients and servers - integrating seamlessly into existing networks. It captures the activity data necessary for user profiling and enables full user session drill-down for forensics investigations.
One Identity Safeguard for Privileged Analytics integrates data from Safeguard for Privileged Sessions to use as the basis of privileged user behavior analysis. Safeguard for Privileged Analytics uses machine learning algorithms to scrutinize behavioral characteristics and generates user behavior profiles for each individual privileged user. Safeguard for Privileged Analytics compares actual user activity to user profiles in real time and profiles are continually adjusted using machine learning. Safeguard for Privileged Analytics detects anomalies and ranks them based on risk so you can prioritize and take appropriate action - and ultimately prevent data breaches.
One Identity Safeguard for Privileged Passwords Version 2.4 is a minor release with new features and functionality in addition to numerous bug fixes. In this release you will find custom platforms, authentication options, and Safeguard Sessions Appliance join. See New features.
NOTE: For a full list of key features in One Identity Safeguard for Privileged Passwords, see the One Identity Safeguard for Privileged Passwords Administration Guide.
The Safeguard for Privileged Passwords Appliance is built specifically for use only with the Safeguard for Privileged Passwords privileged management software that is already installed and ready for immediate use. It comes hardened to ensure the system is secure at the hardware, operating system, and software levels.
The One Identity Safeguard for Privileged Passwords 2000 Appliance specifications and power requirements are as follows.
| Safeguard for Privileged Passwords 2000 | Feature / Specification |
|---|---|
| Processor | Intel Xeon E3-1275v5 3.60 GHz |
| # of Processors | 1 |
| # of Cores per Processor | 4 |
| L2/L3 Cache | 4 x 256KB L2, 8MB L3 SmartCache |
| Chipset | Intel C236 Chipset |
| DIMMs | DDR4-2400 ECC Unbuffered DIMMs |
| Internal HD Controller | LSI MegaRAID SAS 9391-4i 12Gbps SAS3 |
| Disk | 4 x Seagate EC2.5 1TB SAS 512e |
| Availability | TPM 2.0, ECC Memory, Redundant PSU |
| I/O Slots | x16 PCIe 3.0, x8 PCIe 3.0 |
| NIC/LOM | 3 x Intel i210-AT GbE |
| Power Supplies | Redundant, 700W, Auto Ranging (100v~240V), ACPI compatible |
| Fans | 4 x 40mm Counter-rotating, Non-hot-swappable |
| Dimensions | 43 x 437.0 x 597.0 (mm); 1.7 x 17.2 x 23.5 (in) |
| Weight | Max: 46 lbs (20.9 Kg) |
| Miscellaneous | FIPS Compliant Chassis |
| Input Voltage | 100-240 Vac |
| Power Consumption (Watts) | 170.9 |
The front panel of the One Identity Safeguard for Privileged Passwords 2000 Appliance contains the following controls for powering on, powering off, and scrolling through the LCD display.
Green check mark button
Use the Green check mark button to start the appliance. Press the Green check mark button for NO more than one second to power on the appliance.
Red X button
Use the Red X button to shut down the appliance. Press and hold the Red X button for four seconds until the LCD displays POWER OFF.
Down, up, left and right arrow buttons
When the appliance is running, the LCD home screen displays:
Use the arrow buttons to scroll through the following details:
Asset Administrators now have the ability to add a custom platform for use when adding or updating an asset. A custom platform allows Safeguard for Privileged Passwords to connect to and manage password operations on platforms that are not supported by Safeguard for Privileged Passwords out of the box. You can upload a custom platform script file to add support for any system that you want to manage. In this release, only SSH-based custom platforms are supported; other protocols will be added in future releases. To access examples of custom scripts and view commands, visit:
Auditors and Partition Administrators have read-only rights to custom platforms. However, Partition Administrators retain the ability to add or remove assets.
With appropriate administration credentials, you can change the primary and secondary identity and authentication providers for authentication to Safeguard for Privileged Passwords. The feature enables customers to integrate Safeguard for Privileged Passwords with their existing identity and authentication services. For example, a customer can use RADIUS for primary authentication and rely upon their own company policies for functions like 2FA.
CAUTION: The SPS/SPP join feature in the Safeguard for Privileged Passwords 2.4 release is intended for proof of concept and preview purposes only. This feature should not be used in production.
The Asset Administrator can now join a Safeguard Sessions Appliance with a standalone primary Safeguard for Privileged Passwords Appliance. Once joined, all sessions are recorded via the Safeguard Sessions Appliance and the embedded sessions module for Safeguard for Privileged Passwords is no longer available.
The user initiates the join by connecting to the Safeguard Sessions Appliance over SSH, selecting Join to SPP, and providing the requested information. After the join is complete, the user restarts the desktop client to complete the connection and update settings and entitlement policy details.
Sessions recorded prior to joining the Safeguard Sessions Appliances are available for playback from local storage, in accordance with the permissions of the Safeguard for Privileged Passwords Appliance. Sessions that are archived are also available for playback.
Once a Safeguard for Privileged Passwords Appliance has been configured to use the Safeguard Sessions Appliance, the configuration can only be reversed by a factory reset of the Safeguard Passwords Appliance or by restoring a backup that was taken before the first join of Safeguard for Privileged Sessions (SPS). Either method unjoins the Sessions Appliance and redeploys the Safeguard for Privileged Passwords Appliance sessions module.